SA AV Vendor Recycling News for FUD Marketing

SA Security Bloggers

SensePost

Haroon Meer
link

Matt Erasmus
link

Andrew Mohawk

Junaid Loonat
link

Barry Irwin
link

Tom Wells

Allen Baranov
link

Jock Forrester
link

IT Security Pubcast
link

Telspace

ISGAfrica

Ralfe Poisson

How-To's
link Linux SSH Jail with pam_chroot
link Firefox Privacy & Security Extensions

Papers
link Managing Patching, my MSc Thesis
link Risk Analysis of Monthly Patch Schedules

Tools
link Automated Vodacom SMS (VodaSMS)
link RSS 2 SMS
link DShield Hack Detection

Neologisms
link Encryption principles
link Zoolander's Law

Syndicate This Blog

SSL

Certificate fingerprints:

SHA1: 61 13 45 4B 4C F9 89 9B B7 87 C8 78 F7 38 12 CB 07 E2 60 BF
MD5 : DA 53 7B 50 E4 3A 2C 6C A1 17 53 C1 A0 5E CB 89

HTTPS version.
You can find an explanation here.

License

Original content in this work is licensed under a Creative Commons License

Disclaimer

This blog and its contents are in no way affiliated with, or endorsed by my employer.

Random Entry: Viva Las Vegas, BlackHat & Defcon USA 2008
< Using Maltego to Data Mine Twitter | Department of Home Affairs Snooping Tools >

Tuesday, March 17. 2009

SA AV Vendor Recycling News for FUD Marketing

ClassicFM just phoned me for comment on this story. I did some quick research and was rather dismayed to find that this appears to be an attempt to drum up some press references for marketing rather than a responsible informing of the public.

Update: ClassicFM has put up the story with a soundbite.

It was referencing X97M/TrojanDropper.Agent.NAI.trojan (the vendor in question isn't McAfee, they just had a good writeup) which exploited an unpatched vulnerability (CVE-2008-0081 to be specific) in early 2008, but was patched by Microsoft in October 2008. So, by now the patch is likely deployed to even your mother's machine in the cupboard, and AV vendors have got several copies of the signature deployed. In addition, the specific trojan was used in targeted attacks and it is highly likely that no person or company in SA will ever see a copy, even if they did, the generic advice of 'be suspicious of .xls files' is fairly useless.

To add insult to injury, the AV vendor seems to have received orders from their head office as their international office engaged in the same FUD last month.

This appears to be fairly blatant scaremongering in order to get their name in the papers, the sort that harm the whole industry and makes people unable to differentiate between real threats with real actions they can take. There may be a good explanation, and if the vendor in question wants to clear things up I'll publish it here, although having not mentioned their name I doubt they'll see it. In the meantime, I recommend journos blacklist them as a source.

Now, if anyone wants to write about the PDF tomfoolery that's been going on lately, that would be far more interesting. Although, even then only to IT and security types, not the general public yet.

Posted by Dominic White in Security at 13:04 | Comments (2) | Trackbacks (0)

Last modified on 2009-03-18 10:44

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

Well stated Dominic. This takes me back to the days when a local bank's customer credentials were leaked via some harvesting tool, and most of the jurnos were asking me if the banks in SA are secure. "I'm sure they all are way up there when compared to other best effort" was my reply, "but you need to understand that when you lose your wallet, you cannot blame the bank when it comes back to you rather empty!" Likewise we now have an active marketing attempt (and I have no problem with that as long we we all play fair, as I too am looking for my share of the pie) that is digging into the past to fatten up the turkey from last Xmas. That meat is no longer tender. Moreover, as stated above, we have enough scary things to concern ourselves with than to now have lots of questions to respond to while good (old? better? best?) practice should have mitigated this threat a loooong time ago. Let us rather focus our media efforts on educating the users on what is safe hex ;) and what could potentially lead to a user interacting with a system that could be harmful for her continued financial well being or personal privacy. Karel

#1 Karel Rode (Homepage) on 2009-03-17 17:43 (Reply)

Dominic, All's fair in love and war and naturally marketing departments will try everything to sell product. That's their job. Its up to a company to have an Information Security Office that can sort the bad from the good and make some good decisions. It is up to the press to find a counter argument and to establish the truth as best as possible which it seems that, in this case, they did. (I haven't listened to the sound bite but I assume that you did a good job of presenting the truth and getting rid of the FUD.) An interesting statistic that I think of is that, for kids under the age of 12, there are only two things that they can die unnaturally (accidentally) from - drowning and car crashes. Everything else that they can die from has negligible statistics but still you get cupboard lock things, plug point covers, non-slip carpets etc etc. and yet parents are lazy with pool gates and nets and putting kids in car chairs. Information Security makes good press but the radio stations are getting the information from the vendors, each who will bend the risks to suit themselves. Its business.

#2 Allen Baranov (Homepage) on 2009-03-18 10:44 (Reply)

Add Comment

Name
Email
Homepage
In reply to
Comment	E-Mail addresses will not be displayed and will only be used for E-Mail notifications. To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above:
	Remember Information? Subscribe to this entry